Vulnerability Details CVE-2019-4444
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.1%
CVSS Severity
CVSS v3 Score 5.1
CVSS v2 Score 2.1
References
Products affected by CVE-2019-4444
-
cpe:2.3:a:ibm:api_connect:2018.1.0
-
cpe:2.3:a:ibm:api_connect:2018.2.1
-
cpe:2.3:a:ibm:api_connect:2018.2.10
-
cpe:2.3:a:ibm:api_connect:2018.2.11
-
cpe:2.3:a:ibm:api_connect:2018.2.2
-
cpe:2.3:a:ibm:api_connect:2018.2.3
-
cpe:2.3:a:ibm:api_connect:2018.2.4
-
cpe:2.3:a:ibm:api_connect:2018.2.5
-
cpe:2.3:a:ibm:api_connect:2018.2.6
-
cpe:2.3:a:ibm:api_connect:2018.2.7
-
cpe:2.3:a:ibm:api_connect:2018.2.8
-
cpe:2.3:a:ibm:api_connect:2018.2.9
-
cpe:2.3:a:ibm:api_connect:2018.3.1
-
cpe:2.3:a:ibm:api_connect:2018.3.2
-
cpe:2.3:a:ibm:api_connect:2018.3.3
-
cpe:2.3:a:ibm:api_connect:2018.3.4
-
cpe:2.3:a:ibm:api_connect:2018.3.5
-
cpe:2.3:a:ibm:api_connect:2018.3.6
-
cpe:2.3:a:ibm:api_connect:2018.3.7
-
cpe:2.3:a:ibm:api_connect:2018.4.1.0
-
cpe:2.3:a:ibm:api_connect:2018.4.1.1
-
cpe:2.3:a:ibm:api_connect:2018.4.1.2
-
cpe:2.3:a:ibm:api_connect:2018.4.1.3
-
cpe:2.3:a:ibm:api_connect:2018.4.1.4
-
cpe:2.3:a:ibm:api_connect:2018.4.1.5
-
cpe:2.3:a:ibm:api_connect:2018.4.1.6
-
cpe:2.3:a:ibm:api_connect:2018.4.1.7